Simplify the default admin password.
Created by: cirosantilli
Easier to type and remember: if I mistype this one more time I will.......
Downside: lose the indication that your password should have uppercase and special chars.
But if an admin does not know that, then that is the least security concern for the users... so I think it's worth having the simpler password.
The real solution to stronger passwords for all users is to add a password strength indicator.
Created by: TeatroIO
I've prepared a stage. Click to open.
By Administrator on 2014-09-27T08:55:14 (imported from GitLab project)
4 4 s.name = 'Administrator' 5 5 s.email = 'admin@example.com' 6 6 s.username = 'root' 7 s.password = '5iveL!fe' 8 s.password_confirmation = '5iveL!fe'
Created by: maxlazio
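Review bot: lines 7 and 8 write the same password literal twice, once for s.password and once for s.password_confirmation, so any change to the default has to be made in two places and the two values can drift apart. Assign the default to a single local variable and use it for both attributes. Because this seed creates the 'root' account with a fixed, publicly known credential, the change description should also say how the operator is made to replace it after the first login, and any documentation that quotes the current default should be updated in the same change.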
I don't like this. There is an option already to set up a custom password on installation, so changing this doesn't make too much sense.
By Administrator on 2014-09-27T10:36:07 (imported from GitLab project)
Created by: cirosantilli
@seuros I'm not sure: if we consider admins who are at that level of inexperience (thinking that 12345678 is fine), then he might as well think that 5iveL!fe is secure because it is complicated, and not change it. In any case, there is nothing anyone can do to secure an installation for such inexperienced admins.
@maxlazio I don't quite understand why it doesn't make sense: there exists an option, and I'm proposing to give it a better default value. Of course, it may be questioned if this is a better default.
Another option is to change it only for development, but I think it is a better production value also.
By Administrator on 2014-09-27T11:25:08 (imported from GitLab project)
Created by: cirosantilli
Also when you install gitlab for the first time, it redirects you to:
http://localhost/profile/password/new
to select a new password after logging in for the first time... so you have to type it 2x to change it.
By Administrator on 2014-10-22T13:46:13 (imported from GitLab project)
Created by: dblessing
I don't see the immediate value for this. Also, changing it has some inherent 'risk' to usability because users often Google for the default user/pass for any system. In GitLab's case you're going to find 5!veL1fe and when that doesn't work, be stuck or confused. It's hard enough we just changed the default username, which was forced due to security concerns.
By Administrator on 2014-10-24T03:54:57 (imported from GitLab project)